Break New Ground

Analyzing Your Code Dependencies for Vulnerabilities with Visual Builder Studio

Shay Shmeltzer
Director of Product Management - Oracle
This is a syndicated post, view the original post here

Most of the projects developed today rely on open source libraries - it is likely that your project does too. While using these libraries accelerates development by relying on proven solution for common needs, it also introduces a potential risk factor. Over time people discover vulnerabilities in many of these libraries. While most of the issues will get fixed in newer versions of the libraries, it is up to the consumer of the library to make sure they are up-to-date on the latest version. It is a hard task to constantly track the libraries you are using and to keep them up to date. For projects that are already in production, and have not kept their libraries updated, this is an even bigger risk opening organization to potential malicious attacks leveraging these known vulnerabilities.

Automating a review process of the libraries used in your code against databases of known vulnerability can help you stay one-step ahead of attackers. This is exactly what the Dependency Vulnerability Analyzer in Visual Builder Studio helps you achieve.

In the demo below you can see how simple it is to automate the process of reviewing the libraries your code uses, get a report about any known vulnerability in those libraries, and even how fixing your code can be streamlined.

The demo specifically uses a project that is managing the libraries used through NPM - and scans those dependencies from the package.json file against several repositories of known vulnerabilities. You can also conduct similar checks for Java projects that leverage Maven and pom files to manage dependencies.

Check out the demo, and start implementing these security check for your project today!



Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.